Microsoft security software detects and removes this threat.

This threat has been "obfuscated", which means it has tried to hide its purpose so your security software doesn't detect it.

The malware that lies underneath this obfuscation can have almost any purpose.

Find out ways that malware can get on your PC.

What to do now

Use the following free Microsoft software to detect and remove this threat:

You should also run a full scan. A full scan might find other hidden malware.

Enable MAPS 

Enable the Microsoft Active Protection Service (MAPS) on your system to protect your enterprise software security infrastructure in the cloud.

  1. Check if MAPS is enabled in your Microsoft security product:

    1. Select Settings and then select MAPS.

    2. Select Advanced membership, then click Save changes. With the MAPS option enabled, your Microsoft anti-malware security product can take full advantage of Microsoft's cloud protection service

  2. Join the Microsoft Active Protection Service Community
Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Threat behavior

VirTool:Win32/CeeInject is a detection for certain forms of obfuscated malware. Malicious programs detected as VirTool:Win32/CeeInject are used by different malware families in the wild to protect them from detection or analysis.

One such sample of VirTool:Win32/CeeInject obfuscates a Bitcoin mining client, which may be installed on your PC to mine Bitcoins without your knowledge.

Analysis by Stefan Sellmer


Alerts from your security software might be the only symptom.


Alert level: Severe
First detected by definition:
Latest detected by definition: 1.211.1009.0 and higher
First detected on: Oct 07, 2008
This entry was first published on: Nov 23, 2007
This entry was updated on: Jun 02, 2015

This threat is also detected as:
  • Win32/Injector.KAN trojan (ESET)
  • Virus.Win32.CeeInject (Ikarus)
  • Trojan.Win32.Miner.p (Kaspersky)
  • TROJ_INJECTR.VI (Trend Micro)